sso: login workflow implementation #15816

Merged
merged 11 commits into from
Jan 19, 2023

jrasell (Member) commented Jan 18, 2023

Related #13120

All code has been previously reviewed.

Code represents the full OIDC workflow integration and has been tested by the project team. Once this is merged, all follow-up PRs should target main. I will also clean up old SSO branches once merged.

Note: this commit updates the semgrep rule to account for known unauthenticated OIDC RPCs. It's small but is worth a quick glance at.

pkazmierczak and others added 10 commits January 10, 2023 16:08

Binder provides an interface for binding claims and ACL roles/policies of Nomad.

This adds new OIDC endpoints on the RPC endpoint. These two RPCs
handle generating the OIDC provider URL and then completing the
login by exchanging the provider token with an internal Nomad
token.

The RPC endpoints both do double forwarding. The initial forward
is to ensure we are talking to the regional leader; the second
then takes into account whether the auth method generates local or
global tokens. If it creates global tokens, we must then forward
onto the federated regional leader.

The OIDC provider cache is used by the RPC handler as the OIDC
implementation keeps long-lived processes running. These processes
include connections to the remote OIDC provider.

The Callback server is used by the CLI and starts when the login
command is triggered. This callback server includes success HTML
which is displayed when the user successfully logs into the remote
OIDC provider.

* Updated UI to handle OIDC method changes

* Remove redundant store unload call

sso: add OIDC login RPC, HTTP, and CLI workflow
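
The CLI callback server described in the commit messages above, sketched as an added example; it is not code from this PR or from Nomad. The names `callbackHandler` and `callbackResult`, the `/callback` path, and the `state` check are assumptions taken from the standard OIDC authorization code flow, and the redirect in `main` is constructed.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
)

const successHTML = "<html><body><h1>Signed in</h1>You may close this window.</body></html>"

// callbackResult is what the CLI needs to finish the login exchange.
type callbackResult struct{ Code string; Err error }

// callbackHandler validates the provider redirect. wantState is the random
// value the CLI generated for this login attempt (hypothetical parameter).
func callbackHandler(wantState string, out chan<- callbackResult) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		q := r.URL.Query()
		if subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(wantState)) != 1 {
			http.Error(w, "unknown login attempt", http.StatusBadRequest)
			return // not our flow: reject without consuming the result slot
		}
		res := callbackResult{Code: q.Get("code")}
		if e := q.Get("error"); e != "" || res.Code == "" {
			res = callbackResult{Err: fmt.Errorf("login failed: error=%q", e)}
			http.Error(w, "login failed", http.StatusBadRequest)
		} else {
			w.Header().Set("Content-Type", "text/html; charset=utf-8")
			fmt.Fprint(w, successHTML)
		}
		select { // first result wins; never block the handler
		case out <- res:
		default:
		}
	}
}

func main() {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // loopback only, ephemeral port
	if err != nil {
		panic(err)
	}
	out := make(chan callbackResult, 1)
	go http.Serve(ln, callbackHandler("constructed-state", out))
	// Constructed redirect standing in for the browser returning from the provider.
	if resp, err := http.Get("http://" + ln.Addr().String() + "/callback?code=constructed-code&state=constructed-state"); err == nil {
		resp.Body.Close()
		fmt.Printf("%+v\n", <-out)
	}
}
```

Requests that do not carry the expected `state` are answered with 400 and never reach the CLI, so a stray local request cannot complete or cancel the pending login.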

github-actions bot commented Jan 18, 2023

Ember Asset Size action

As of 54cc797

Files that got Bigger 🚨:

| File | raw | gzip |
| --- | --- | --- |
| nomad-ui.js | +302 B | +65 B |

Files that stayed the same size 🤷‍:

| File | raw | gzip |
| --- | --- | --- |
| vendor.js | 0 B | 0 B |
| nomad-ui.css | 0 B | 0 B |
| vendor.css | 0 B | 0 B |

@jrasell jrasell force-pushed the sso/gh-13120-oidc-login branch from c93fcd8 to b0d633f Compare January 18, 2023 10:16

github-actions bot commented Jan 18, 2023

Ember Test Audit comparison

| | main | b0d633ffeb5d2a9ac5b8e370f3dbcdf6ac5d2467 | change |
| --- | --- | --- | --- |
| passes | 1452 | 1452 | 0 |
| failures | 0 | 0 | 0 |
| flaky | 0 | 0 | 0 |
| duration | 10m 21s 215ms | 12m 34s 136ms | +2m 12s 921ms |

@jrasell jrasell merged commit 0745e25 into main Jan 19, 2023
@jrasell jrasell deleted the sso/gh-13120-oidc-login branch January 19, 2023 08:29
Fuco1 (Contributor) commented May 5, 2023

@jrasell James, I have nothing to add except to thank you for this feature. I was waiting for this since v0.1 😁 ❤️ hashicorp rocks!

jrasell (Member, Author) commented May 5, 2023

> @jrasell James, I have nothing to add except to thank you for this feature. I was waiting for this since v0.1 😁 ❤️ hashicorp rocks!

@Fuco1 that's super kind and I'll pass the message on internally. Thanks for your contributions both in code and in general as being a part of the community!
